The use of computer networks and in particular the Internet for both business and personal reasons continues to grow at a rapid pace. For example, users increasingly rely on the Internet for business and personal communications, commercial transactions, and for distributing and gathering information of all kinds. However, with this increased reliance there is also increased vulnerability to harm caused by network outages.
One way that malicious users attempt to exploit this vulnerability is through a denial-of-service (DoS) attack. Denial-of-service attacks are attempts to overload or crash systems connected to a network such as the Internet by repeatedly targeting the system with so much data that it can no longer process legitimate requests in a timely manner. In fact, a DoS attack can overwhelm a system to the point that it crashes. Such attacks cause economic harm because the victim of the attack must spend time attempting to determine the source of the attack, and may also cause the victim to lose sales that would have otherwise occurred but for the attack.
Over time, DoS attacks have become more sophisticated. One example of this is the distributed denial-of-service attack (DDoS). Early DoS attacks were typically launched from a single system. In a DDoS attack, multiple systems are used to flood the victim system with requests. Often the systems participating in the DDoS attack are not even aware that they are participants, as is the case of system infected with a virus that launches the attack.
In order to mitigate the damage caused by DoS and DDoS attacks, it is desirable to both detect such attacks early, and trace attacks back to their source. However, when the attacks come from multiple sources, it is difficult for current detection systems to trace the attack to the multiple sources.
In view of the above problems, there is a need in the art for the present invention.